{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1757", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-27T15:30:56.479Z", "datePublished": "2025-02-28T04:21:56.133Z", "dateUpdated": "2026-04-08T16:46:12.155Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:12.155Z"}, "affected": [{"vendor": "portfoliohub", "product": "WordPress Portfolio Builder \u2013 Portfolio Gallery", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "WordPress Portfolio Builder \u2013 Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36dcf1c4-1e0a-4ab6-a1b3-a9fe3aaddd0b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/uber-grid/trunk/src/Frontend.php#L542"}, {"url": "https://plugins.trac.wordpress.org/browser/uber-grid/trunk/src/Frontend.php#L39"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Bassem Essam"}], "timeline": [{"time": "2025-02-18T19:35:20.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-28T14:04:13.758040Z", "id": "CVE-2025-1757", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-28T14:05:46.526Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1757", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-28T14:04:13.758040Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-28T14:05:38.956Z"}}], "cna": {"title": "WordPress Portfolio Builder \u2013 Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "credits": [{"lang": "en", "type": "finder", "value": "Bassem Essam"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "portfoliohub", "product": "WordPress Portfolio Builder \u2013 Portfolio Gallery", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-18T19:35:20.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36dcf1c4-1e0a-4ab6-a1b3-a9fe3aaddd0b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/uber-grid/trunk/src/Frontend.php#L542"}, {"url": "https://plugins.trac.wordpress.org/browser/uber-grid/trunk/src/Frontend.php#L39"}], "descriptions": [{"lang": "en", "value": "The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:12.155Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1757", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:46:12.155Z", "dateReserved": "2025-02-27T15:30:56.479Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-02-28T04:21:56.133Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:portfoliohub:portfoliohub:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5F653461-1C83-4AB9-8418-87811AC114AE", "versionEndIncluding": "1.1.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WordPress Portfolio Builder \u2013 Portfolio Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Portfolio Builder \u2013 Portfolio Gallery de WordPress es vulnerable a cross site scripting almacenado a trav\u00e9s de los c\u00f3digos cortos 'pfhub_portfolio' y 'pfhub_portfolio_portfolio' del complemento en todas las versiones hasta la 1.1.7 incluida, debido a una depuraci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."}], "id": "CVE-2025-1757", "lastModified": "2025-03-06T20:21:36.547", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-02-28T05:15:34.097", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/uber-grid/trunk/src/Frontend.php#L39"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/uber-grid/trunk/src/Frontend.php#L542"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/36dcf1c4-1e0a-4ab6-a1b3-a9fe3aaddd0b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Undergoing Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T22:13:57.457963+00:00", "value": {"mitigation_remediation": ["Update or upgrade the plugin to a version newer than 1.1.7 that has proper input sanitization.", "Restrict contributor and lower roles from adding or editing shortcodes that accept user\u2011controlled attributes, or disable the affected shortcodes for such roles.", "Implement a site\u2011wide Content Security Policy and/or a reputable web application firewall that blocks or sanitizes injected JavaScript before it reaches end users."], "summary": {"action": "Patch Now", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The affected product is PortfolioHub WordPress Portfolio Builder \u2013 Portfolio Gallery, versions up to and including 1.1.7. Any installation of these versions that allows contributor\u2011level users to publish or edit content is vulnerable.", "description_and_impact": "The vulnerability resides in the WordPress Portfolio Builder \u2013 Portfolio Gallery plugin, which fails to sanitize user supplied attributes for the 'pfhub_portfolio' and 'pfhub_portfolio_portfolio' shortcodes. An authenticated user with contributor\u2011level access or higher can embed malicious scripts into stored content. The injected code is executed in a victim\u2019s browser whenever the affected page is loaded, enabling session hijacking, cookie theft, defacement or other client\u2011side attacks typical of Cross\u2011Site Scripting (CWE\u201179).", "risk_and_exploitability": "The CVSS score of 6.4 indicates a medium\u2011to\u2011high severity, but the EPSS score of less than 1% shows the likelihood of exploitation is low at present. The issue is not listed in the CISA KEV catalog. A necessary prerequisite is authentication as a user with contributor or higher privileges. The attack vector is inbound on the WordPress site; an attacker can inject a malicious payload through the shortcode attributes which is then rendered for all users visiting the page. The lack of input validation and output escaping creates a persistent XSS vector that can be exploited if the user\u2019s role permits shortcode use."}}}}, "created": "2026-04-21T22:15:45.905572+00:00", "updated": "2026-04-21T22:15:45.905584+00:00", "vendors": []}